My Browser keeps reverting to proxy server!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by trevcape, Nov 21, 2013.

  1. trevcape

    trevcape Private E-2

    Hi Major Geeks, hope everyone is well.
    My problem is as follows: Every time I log on, my browser automatically reverts to a proxy server setting. I am using Chrome as my browser, but the same thing happens when I use Internet Explorer. I then go into Internet Settings > Advanced > Connections > LAN settings and untick the proxy server box and then tick the select automatically box. This works for a while and then reverts back to proxy! It's really maddening when I have no control!
    I have used Spybot Search and Destroy, McAfee virus scanner, SpywareBlaster and Malwarebytes Anti-Malware programs to no avail.
    I also tried a registry setting change as shown by Kestrel13! but this didn't do it either. I'm running Win7 Pro 64 bit. You sorted out a problem for me some time ago for mediafinder.exe, which I was very grateful for; just hope you can do the same for this annoying problem.
    Many thanks in advance
    Trev
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  3. trevcape

    trevcape Private E-2

    Hi again Kestrel, thanks for your recent response. I have done most of what you asked of me, but I had trouble locating the logs. I ran RogueKiller again and have attached the log; I hope this doesn't cause confusion.
    Well, the problem still remains and I'm wondering if it's me doing the wrong things! Whenever I manually untick the proxy server box in Chrome settings and return to my work, after a while it goes back to the proxy setting box.
    This is recurring all the time and is slowing up my web site downloads and everything else! I didn't go on to the alternative scans because I am hoping you can identify the problem from the logs. One thing I have done under the Advanced tab in settings was to untick the box which says 'Use HTTP 1.1 through proxy connections'. Don't know if this would make any difference; well, it didn't. Also I have recently bought a tablet and set it on 'sync' so that my emails etc. work together; would this contribute anything towards the problem?
    I know you are busy guys but hope you can sort this out for me. Tell me if you need any more information and I will duly respond.
    Thanks again.
    PS: You can probably tell from my terminology that I'm NOT a geek, so make it simple please.
    Thanks
    Trev
     

    Attached Files:

  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there Trev, these instructions should be clear enough to follow with ease. Here we go. :)

    Re-run Hitman Pro and have it delete all of the Malware remnants and Potentially Unwanted Programs, and also have it fix the item on the "Repairs" tab. This should end the proxy problem.



    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.softonic.com/MOY00002...mi=32f86da70000000000001c6f653e8a90&toi=16031
    • R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:16110;https=127.0.0.1:16110
    • O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    • O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'SYSTEM')
    • O4 - HKUS\.DEFAULT\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'Default user')
    • O20 - AppInit_DLLs: c:\progra~2\search~1\datamngr\mgrldr.dll

    NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HijackThis.




    Download and run OTM.

    Download OTM by Old Timer and save it to your Desktop.

    • Right-click OTM.exe And select " Run as administrator " to run it.
    • Paste the following code under the [image] area. Do not include the word Code.
    Code:
    :Processes
    explorer.exe
    
    :reg
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "SearchProtect"=-
    [HKEY_USERS\S-1-5-21-4243903602-169609973-1170628408-501\Software\Microsoft\Windows\CurrentVersion\run]
    "SearchProtect"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{69C02672-AAD3-4166-AAD5-CB0BBC92FD77}]
    
    :files
    C:\ProgramData\ParetoLogic
    C:\Program Files (x86)\ParetoLogic
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [image] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.






    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.



    Run Hitman again, (just a scan) and attach log.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista, Windows7 or Win8) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
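    The HijackThis lines and the OTM script above all touch the same handful of registry locations: the per-user Internet Settings proxy values, the Run keys under the SYSTEM (S-1-5-18) and .DEFAULT hives, and AppInit_DLLs. As an added example (my own script, not part of this thread and not one of the tools Kestrel13! names), the PowerShell below reads those locations so you can see for yourself whether a loopback proxy is still configured and what is set to start with Windows, lists non-Microsoft services, and clears the proxy values if run with -Fix. It assumes Windows PowerShell (the Get-WmiObject cmdlet it uses is not in PowerShell 7) in an elevated console for the HKLM and HKEY_USERS reads; the 127.0.0.1 pattern it warns on is taken from the ProxyServer value quoted in the thread. Chrome on Windows reads the same WinINET proxy settings as Internet Explorer, which is why both browsers show the change.

```powershell
# Added example, not from the thread or from the MajorGeeks tools: audit the registry
# locations the fix above targets and optionally clear the per-user proxy values.
# Usage (elevated Windows PowerShell):
#   .\proxy-audit.ps1          # report only
#   .\proxy-audit.ps1 -Fix     # also clear ProxyEnable / ProxyServer / ProxyOverride
param([switch]$Fix)

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue

"--- Per-user proxy values ($inet)"
"ProxyEnable   : $($p.ProxyEnable)"
"ProxyServer   : $($p.ProxyServer)"
"ProxyOverride : $($p.ProxyOverride)"
"AutoConfigURL : $($p.AutoConfigURL)"

# A proxy on the loopback address means a process on this PC sits between the browser
# and the network; that is the pattern from the thread (http=127.0.0.1:16110;...).
if ($p.ProxyEnable -eq 1 -and $p.ProxyServer -match '^(https?=)?(127\.0\.0\.1|localhost)') {
    Write-Warning "Proxy is enabled and points at the local machine: $($p.ProxyServer)"
}

"--- AppInit_DLLs (loaded into every process that links user32.dll)"
foreach ($k in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $w = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if ($w.AppInit_DLLs) {
        Write-Warning "$k`n  AppInit_DLLs = $($w.AppInit_DLLs)  (LoadAppInit_DLLs = $($w.LoadAppInit_DLLs))"
    }
}

"--- Run keys, including the SYSTEM (S-1-5-18) and .DEFAULT hives"
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run',
           'Registry::HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    $item = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($v in $item.PSObject.Properties) {
        if ($v.Name -like 'PS*') { continue }   # skip the provider's PSPath/PSParentPath bookkeeping
        "{0}`n  {1} = {2}" -f $k, $v.Name, $v.Value
    }
}

"--- Services whose binary is outside the Windows directory"
Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -notmatch '\\Windows\\' } |
    Sort-Object Name |
    Format-Table -AutoSize Name, State, StartMode, PathName

if ($Fix) {
    Set-ItemProperty -Path $inet -Name ProxyEnable -Value 0 -Type DWord
    foreach ($n in 'ProxyServer', 'ProxyOverride') {
        Remove-ItemProperty -Path $inet -Name $n -ErrorAction SilentlyContinue
    }
    "Cleared proxy values. Reboot and run the report again: if they come back, something is re-applying them."
}
```

    Two caveats. The "Automatically detect settings" checkbox is not one of these string values; it is a flag inside the binary DefaultConnectionSettings value under the Connections subkey, so set it from Internet Options after clearing. And the report shows what is configured, not which program wrote it; a value that returns after every reboot points at a service, scheduled task or Run entry from the lists above rather than at the browser.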
     
  5. trevcape

    trevcape Private E-2

    Kestrel, many thanks for your speedy reply and further instructions. I tried loading Hitman Pro authors version 64 bit, but after the scan is run it announces it wants me to pay! Is this correct, as the first scan was for free? Sorry to be a pain, but could you advise please.
    Regards Trev
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry (or proxy) tab and locate this detection:

    • [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:16110;hxxps=127.0.0.1:16110 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND

    Place a checkmark next to this item, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.




    • Right-click OTM.exe And select " Run as administrator " to run it.
    • Paste the following code under the [image] area. Do not include the word Code.

    Code:
    :Files
    C:\Users\Trevor\AppData\LocalLow\ShoppingReport2
    C:\Program Files (x86)\Conduit
    C:\ProgramData\Tarma Installer
    C:\Users\Christine\AppData\LocalLow\Conduit
    C:\Users\Christine\AppData\LocalLow\searchquband
    C:\Users\Christine\AppData\LocalLow\searchqutoolbar
    C:\Users\trev cape\AppData\LocalLow\searchquband
    C:\Users\Trevor\AppData\LocalLow\Conduit
    C:\Users\Trevor\AppData\LocalLow\searchquband
    C:\Users\Trevor\AppData\LocalLow\Softonic
    
    :reg
    [-HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]
    [-HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}]
    [-HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}]
    [-HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}]
    [-HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}]
    [-HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}]
    [-HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}]
    [-HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}]
    [-HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}]
    [-HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}]
    [-HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}]
    [-HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}]
    [-HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}]
    [-HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}]
    [-HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}]
    [-HKLM\SOFTWARE\Classes\Prod.cap]
    [-HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}]
    [-HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}]
    [-HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}]
    [-HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}]
    [-HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{39CB8175-E224-4446-8746-00566302DF8D}]
    [-HKLM\SOFTWARE\DomaIQ]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964]
    [-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467]
    [-HKLM\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}]
    [-HKLM\SOFTWARE\Wow6432Node\Conduit]
    [-HKU\S-1-5-21-4243903602-169609973-1170628408-1000\Software\AppDataLow\Software\Crossrider]
    [-HKU\S-1-5-21-4243903602-169609973-1170628408-1000\Software\AppDataLow\Software\Smartbar]
    [-HKU\S-1-5-21-4243903602-169609973-1170628408-1000\Software\Conduit]
    [-HKU\S-1-5-21-4243903602-169609973-1170628408-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0}]
    [-HKU\S-1-5-21-4243903602-169609973-1170628408-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
    
    
    :Commands
    [emptytemp]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [image] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.


    Describe how things are running now.
     
  7. trevcape

    trevcape Private E-2

    Hi again Kestrel
    I've tried your recommendations but unfortunately the problem is still with me!
    Also, this time when I turned on just now my PC wouldn't boot up and I had to put another monitor on; this gives me the option of a Windows restore, which I did, then put my other monitor back on. All running now.
    Don't know if the restore put back the problems, but prior to this my proxy server still won't go away (see image of problem) and every time I turn on I have to go to the Connections tab in settings and untick the box, otherwise things will not run right. Further help is needed please, or should I just back the car over my PC and go out for the day!

    Look forward to your advice and thanks so far
    Trev
     

    Attached Files:

    Last edited by a moderator: Dec 6, 2013
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Vista and Windows 7 users Right-click OTL and choose Run as Administrator)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.


    Also, please re run RogueKiller (just a scan! Don't fix anything!) and attach log.
     
  9. trevcape

    trevcape Private E-2

    Hi again Kestrel thanks for your speedy reply.
    Well I have run the 2 programs and have attached the logs.
    I have a feeling this may be what you require to get me out of this irritating prob. Thanks
    Trev
     

    Attached Files:

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry or PROXY tab and locate this 1 detection:

    • [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:16110;hxxps=127.0.0.1:16110 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND

    Place a checkmark next to this item, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.





    We need to run an OTL Fix

    • Right-click OTL.exe to run it. If Windows UAC prompts you, please allow it.
    • Copy and Paste the following code into the textbox. Do not include the word Code

    Code:
    :otl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.softonic.com/MOY00002/tb_v1?SearchSource=10&cc=&mi=32f86da70000000000001c6f653e8a90&toi=16031
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll) -  File not found
    [2013/12/01 18:16:09 | 000,000,000 | ---D | C] -- C:\Users\Trevor\AppData\Local\WhiteListing
    [2013/12/01 18:16:09 | 000,000,000 | ---D | C] -- C:\Users\Trevor\AppData\Local\TBHostSupport
    [2012/10/28 20:47:41 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\SpeedyPC Software
    [2011/12/16 12:59:25 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\UpdateTemp1075860584
    @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:4CD3F344
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
    @Alternate Data Stream - 1086 bytes -> C:\Users\Trevor\AppData\Local\WPDmB44ig537EO:jaCcA6Gn2HjxbBIUwJAh
      
    :commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    • Then click the Run Fix button at the top.
    • Click Image.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. ATTACH that report in your next reply.



    • Now re run OTL again (just a scan) and attach log.
    • Same for RogueKiller.
    • How are things running?
     
  11. trevcape

    trevcape Private E-2

    Hi once again Kestrel
    My last run of Roguekiller still flags up 2 files under Proxy tab although I deleted as per your instructions. There is a query about the running of the RK scan however. When the scan is complete you ask me to place a check mark next to the item to be deleted. The scan does not give me an option to do this (see marked up image) so I just highlighted the file item and pressed the delete button, this seemed to get rid of the line as shown in the logs attached but it has reappeared under the connection tab in chrome settings!
    I have done no further deletions as I wanted to show the current logs.
    Regards
    in anticipation. PS: the tick in the proxy box is still there as I type this.
    Trev
     

    Attached Files:

    Last edited by a moderator: Dec 9, 2013
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Are you sure? Because at 8.20pm you ran a scan which shows it there.

    Then LATER on, at 9.08pm, you ran a scan which shows it gone.

     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Please download Combofix to your desktop. Please refer to these instructions prior to running.
     
  14. trevcape

    trevcape Private E-2


    Hi Kestrel
    I'm feeling weary. Have run the ComboFix program and attach logs to you, also an image of the popup settings box showing that bloody tickmark in the "Use a proxy server for LAN" box. Shouldn't the tick be in the 'Automatically detect settings' box? There doesn't seem any way to get rid of it, or is there, or should it matter?

    Sorry to be a pain but this seems to have beaten all the malware measures taken.
    Regards Trev
     

    Attached Files:

  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Trev, I know it's frustrating. :( I'm doing my best to work this out. Hang in there.
     
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  17. trevcape

    trevcape Private E-2

    Hello Kestrel, I do appreciate how hard you're trying :)
    Tried to reset Internet Explorer to no avail; as I run through the process I end up with the following message: 'This Microsoft Fix it does not apply to your operating system or application version' ??? I also tried to reinstall IE9 but it wouldn't let me, saying that it was already on my system! What to do now please :cry
    Thanks again Trev
     
  18. trevcape

    trevcape Private E-2

    Update Update Update
    Kestrel, I've managed to load IE 11 and then run the reset Explorer settings as per your instructions. It all went through as it should. The proxy setting seems to now be gone from the tick box. Could this be it, COULD IT!!!! It's gone midnight and I'm going to bed. Just hope in the morning it's still doing what it should. I'm going to owe you BIG time if this is really it :major
    Trev
     
  19. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Oh I hope so Trev. If not, I'm going to have a word with the boss and see what he thinks about it. So either way, you're going to get fixed, don't worry. ;)
     
  20. trevcape

    trevcape Private E-2

    I was hoping too Kestrel, but guess what? It's back in the proxy box again!!
    Had to manually tick the Automatically detect settings box, but I know it'll be back. :cry
    Regards Trev
     
  21. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi Trev, I had a feeling it might return. I have pointed Chas in the direction of your thread. Hang in there, he's a very busy man.

    In the mean time, although it could be ground you have already covered, take a look at this and ensure you've followed instructions for Google Chrome and IE.

    Proxy Server - Changing Settings
     
  22. trevcape

    trevcape Private E-2

    Thanks for your time and will run through your advice again
    trev
     
  23. trevcape

    trevcape Private E-2

    Hi Kestrel, I've been through Proxy Server - Change Settings again, and it's what I have been doing all along! In other words, no joy!
    trev
     
  24. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Now we need to use ComboFix by sUBs

    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    DDS::
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:16111;https=127.0.0.1:16111
    
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe


    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.

    Please attach the C:\combofix.txt

    Has it gone now?
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Questions:
    • When was McAfee installed? (approximately)
    • When did the problem with ProxyServer begin?
    • Did you notice that McAfee has Proxy Server service running?
    Something to test to see if McAfee is involved.
    • Click the "Start" button and type Services into the Start Search box.
    • You should see the Services gear icon appear up above.
    • Right Click on Services and select Run As Administrator and allow it to run.
    • When the Services dialog box opens you will see a list of services.
    • Scroll down the list until you find the McAfee Proxy service entry.
    • Right-click the McAfee Proxy entry and select Stop. This will stop the service if it is currently running.
    • Right-click the entry again, select Properties and then change the Startup Type menu to Disabled.
    • Okay your way out of this and close the Services form. Then reboot your PC.
    • This should stop McAfee Proxy from starting up.
    • See if ProxyServer settings are gone now. If not, see if you can change them to what you want and then reboot and see if it holds. If not, I have to wonder if it is due to some other software you are running, including possibly McAfee maintaining a list of settings to preserve.
    NOTE to Kestrel13!, I saw a bunch of Conduit and other junkware in logs that needs to be removed still especially since a system restore was performed. For example an OTL log I had seen
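    The test Chas describes above (change the setting, reboot, see whether it holds) can be made less manual. As an added example (my own script, not part of this thread), the PowerShell below subscribes to WMI registry-change events on the current user's ProxyServer value and appends a timestamped line to a log on the desktop each time it changes, so a revert can be matched by time against a logon, a service start or a scheduled task. It assumes Windows PowerShell (Register-WmiEvent is not in PowerShell 7), that it is pasted into a console running as the affected user and that the console stays open; the log file path is my choice.

```powershell
# Added example, not from the thread: log every change to the current user's
# ProxyServer value with a timestamp. Paste into a Windows PowerShell console running
# as the affected user and leave that window open (the subscription dies with the session).

$inet    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$logFile = Join-Path $env:USERPROFILE 'Desktop\proxy-watch.log'   # constructed path; change as needed

# RegistryValueChangeEvent does not understand HKEY_CURRENT_USER, so address the hive
# through HKEY_USERS plus the current user's SID. Backslashes are doubled because the
# key path is embedded in a WQL string literal.
$sid     = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$keyPath = "$sid\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"
$query   = "SELECT * FROM RegistryValueChangeEvent " +
           "WHERE Hive='HKEY_USERS' AND KeyPath='$keyPath' AND ValueName='ProxyServer'"

# Record the starting state so the first change in the log has something to compare against.
$p = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue
Add-Content -Path $logFile -Value ('{0:yyyy-MM-dd HH:mm:ss}  BASELINE  ProxyEnable={1}  ProxyServer={2}' -f (Get-Date), $p.ProxyEnable, $p.ProxyServer)

$action = {
    # Runs in the event handler's own scope: read the value fresh rather than relying on
    # outer variables, and pick the log path up from $Event.MessageData.
    $p = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    $line = '{0:yyyy-MM-dd HH:mm:ss}  CHANGED   ProxyEnable={1}  ProxyServer={2}' -f (Get-Date), $p.ProxyEnable, $p.ProxyServer
    Add-Content -Path $Event.MessageData -Value $line
    Write-Host $line
}

Register-WmiEvent -Namespace 'root\default' -Query $query -SourceIdentifier 'ProxyWatch' `
                  -Action $action -MessageData $logFile | Out-Null

"Watching ProxyServer for $sid; log: $logFile"
"Stop with:  Unregister-Event -SourceIdentifier ProxyWatch"
```

    The event says when the value changed, not which process changed it. Line up the timestamp with the System event log's Service Control Manager entries (event ID 7036, a service entering the running state), with Task Scheduler history, or run Process Monitor with a filter on RegSetValue for the ProxyServer path, which does show the writing process. A revert that only ever appears at logon will be missed unless the watcher itself is started at logon.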
     
  26. trevcape

    trevcape Private E-2

    Hi there, thanks for getting involved Chas. I've done what you asked and disabled McAfee from starting up. However, the problem remains. I installed McAfee (free install) about a year ago when I joined Plusnet, my provider. The problem has been with me for about 2 months or so. I have interrogated my wife and grandson to see if they know anything - no joy there! I didn't see if McAfee had proxy server running, but it said 'Started' when I first opened the Services box.
    I haven't yet run ComboFix again as suggested by Kestrel; thought I'd see if your suggestion worked.
    Regards and thanks again for your support
    Trev
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Let's skip that for now and do the below.

    Be patient while doing the below. The fixes can sometimes take quite a while to run, especially the permissions repairs. It may be best to kick it off and go to bed or do something else. It is better not to run anything while the repairs are going on.

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Remove Policies Set By Infections
      • Repair Proxy Settings
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished. If it does not then reboot the PC yourself before continuing.


    Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts.
    • Double-click OTL.exe to run. (Note: if using Vista, Win7 or Win8 use right-click and select Run as Administrator)
    • Copy the text in the code box below and paste it into the [image] text-field.
    Code:
    :OTL
    IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {5CEA3CDA-2536-42FC-9626-7486247E4B7A}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110
    CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Trevor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
    O2 - BHO: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (uTorrentControl_v2 Toolbar) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl_v2 Toolbar) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTo0.dll (Conduit Ltd.) 
    
    :Reg
    [-hkey_current_user\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"=-
    "ProxyOverride"=-
    "ProxyServer"=-
    :Commands
    [PURITY]
    [EMPTYTEMP] 
    [EMPTYFLASH]
    [REBOOT]
    • Now click the [image] button.
    • If the fix needed a reboot please do it.
    • Click the OK button (upon reboot).
    • When OTL is finished, Notepad will open. Close Notepad.
    • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (See: How to attach)
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the log from OTL
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  28. trevcape

    trevcape Private E-2

    Hi Chas, wish I had good news :confused. I ran your suggested progs to the letter and everything went well! However, after rebooting I went into the browser settings to check and the damned tick was in the proxy server box!
    So I unticked the proxy server box and manually ticked the Automatically Detect Settings box. Then I restarted my PC three more times: the first 2 times the tick had returned to the proxy box and the last time it stayed in the ADS box. Then I did the same again with a Reboot, and the result was 2 to proxy server, 1 to ADS. Proxy server wins!
    I am attaching logs for you to see; let's hope you can make something out of them which will sort this very tenacious problem out!
    Regards Trev
     

    Attached Files:

  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. I still do not think this is a malware problem. I believe it is something you installed and are running that is bringing it back. And my first educated guess would be whatever program the below service is supposed to be for.

    023 - Service: MR APP Event Service (EventService) - Unknown owner - C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe

    I bet this is some junkware you installed at some point. So let's remove this. Also my educated guess is that it is related to Valued Opinions Notify which you installed. So start by uninstalling this and then run the below for backup.


    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
    
    :Services
    EventService
    
    :Files
    C:\Program Files (x86)\MR APP
    
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    • Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file.
    • Attach this log file to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    • the C:\_OTM\MovedFiles log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Dec 12, 2013
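    The diagnosis above rests on the idea that a third-party service, not malware, keeps re-enabling the proxy. The following PowerShell script is an added example, not part of this thread or of the MGtools/OTM tooling, that lets you check that hypothesis yourself before removing anything: it reads the WinINET registry values the "LAN settings" dialog edits (ProxyEnable, ProxyServer, AutoDetect under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings), lists the running services whose binary is not Microsoft-signed, and then polls the proxy value so that every flip back to "on" is timestamped alongside the services running at that moment. The service name and path it reports come from the machine; nothing from the log above is hard-coded. It assumes Windows 7 or later and is run in the profile of the affected user, since the key is per-user.

```powershell
# Added example (not from the MajorGeeks thread or its tools): watch the WinINET
# proxy setting and record which non-Microsoft services are running each time
# "Use a proxy server" is switched back on. Run as the affected user.

$ProxyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-WinInetProxyState {
    # ProxyEnable=1 means the "Use a proxy server" box is ticked; AutoDetect=1
    # means "Automatically detect settings". Absent values read as 0 / empty.
    $p = Get-ItemProperty -Path $ProxyKey
    New-Object PSObject -Property @{
        ProxyEnable = [int]$p.ProxyEnable
        ProxyServer = [string]$p.ProxyServer
        AutoDetect  = [int]$p.AutoDetect
    }
}

function Get-NonMicrosoftRunningServices {
    # Get-WmiObject also works on the stock PowerShell 2.0 that ships with Win7.
    Get-WmiObject Win32_Service |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # PathName may be quoted and carry arguments; keep only the executable.
            $exe = if ($_.PathName -match '^"?(.+?\.exe)') { $Matches[1] } else { $_.PathName }
            $signer = '(unsigned or file missing)'
            if (Test-Path -LiteralPath $exe) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            New-Object PSObject -Property @{ Name = $_.Name; Path = $exe; Signer = $signer }
        } |
        Where-Object { $_.Signer -notmatch 'Microsoft' }
}

function Watch-ProxyFlip {
    # Poll the registry for $Seconds; print a line whenever ProxyEnable changes,
    # and dump the non-Microsoft service list when it changes back to 1.
    param([int]$Seconds = 600, [int]$Interval = 5)
    $last = (Get-WinInetProxyState).ProxyEnable
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        Start-Sleep -Seconds $Interval
        $now = Get-WinInetProxyState
        if ($now.ProxyEnable -ne $last) {
            "{0:s}  ProxyEnable {1} -> {2}  ProxyServer='{3}'  AutoDetect={4}" -f `
                (Get-Date), $last, $now.ProxyEnable, $now.ProxyServer, $now.AutoDetect
            if ($now.ProxyEnable -eq 1) {
                Get-NonMicrosoftRunningServices | Format-Table Name, Path, Signer -AutoSize | Out-String
            }
            $last = $now.ProxyEnable
        }
    }
}

# Baseline, then watch for ten minutes while you untick the proxy box and work.
Get-WinInetProxyState | Format-List
Get-NonMicrosoftRunningServices | Format-Table Name, Path, Signer -AutoSize
Watch-ProxyFlip -Seconds 600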
  30. trevcape

    trevcape Private E-2

    Hi again Chas, I have uninstalled Valued Opinions Notify and run the instructions you kindly sent me. I have also attached the logs as requested.
    I will do some work and see if the problem continues. Whatever happens I'll let you know.
    Thanks again
    Trev
     

    Attached Files:

    Last edited by a moderator: Dec 13, 2013
  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Looks like it is gone to me.
     
  32. trevcape

    trevcape Private E-2

    I just want to say a huge thank you for your patience and extremely helpful instructions and advice, which finally got rid of the proxy problem I had. Some way through the exercise I thought it was never going to happen; just as I thought things had been fixed, up jumped the proxy server!
    Will you give a big thank you to Kestrel too.
    Just a couple of things: 1. How can I avoid this again, as it normally isn't my style to download without scanning and I would really hate this to happen again (although as you guys exist I wouldn't be so scared again).
    And secondly, can I remove all the logs and icons from all the malware programs that you sent me? My desktop looks like there's been some strange party going on.
    Oh, and lastly, have a brill Christmas and New Year!
    Regards, a very happy Trev from the UK

    And the next project is ..... how to improve my WiFi connection to my tablet and laptop; it's dismal.
     
  33. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome from me and Kestrel13!. I'm sure she will be checking in on this post. ;)

    The below should help address your questions, but as noted in the link given in the last step, you are the first and last line of defense. This problem with the proxy was caused by something you allowed to be installed. Protection software cannot protect you from things you choose to do. Everything is not considered malware but there can be side effects from things you install.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
    7. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    8. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  34. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I told you Chaslang would do the job. ;) I'm glad all is running well again.
     
